<format>
  <regular-grammar>
    <extensions>
      <extension name="sysinternals" class-name="LogJoint.SysinternalsFormats.Extension, logjoint.sysinternals.plugin.model, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
    </extensions>
    <head-re><![CDATA[^
(?<msgNum>\d+)\t
(?<time>.+?)\t
(?<pName>.+?)\:
(?<pid>\d+)\t
(?<op>.+?)\t
(?<fName>.+?)\t
(?<res>.+?)\t
]]></head-re>
    <body-re><![CDATA[^(?<details>.*?)\s*$]]></body-re>
    <fields-config>
      <field name="Body"><![CDATA[new StringSlice(string.Format("{0} {1} ({2}) {3}=>{4} {5} {6}", msgNumString, pNameString, pidString, opString, resString, fNameString, detailsString))]]></field>
      <field name="Time"><![CDATA[sysinternals.PARSE_FILEMON_TIME(timeString)]]></field>
      <field name="Severity"><![CDATA[resString == "SUCCESS" ? Severity.Info : Severity.Warning]]></field>
    </fields-config>
    <patterns>
      <pattern>*.log</pattern>
    </patterns>
    <encoding>BOM</encoding>
    <rotation supported="false"></rotation>
  </regular-grammar>
  <id company="Sysinternals" name="filemon+regmon log" />
  <description>Reads text logs created by Sysinternals File Monitor (filemon.exe) or Registry Monitor (regmon.exe) tools. Logs saved without clock time are not supported.</description>
</format>